Merge pull request #7773 from erik-krogh/CWE-367

JS: add a js/file-system-race query

javascript/ql/test/query-tests/Security/CWE-367/FileSystemRace.expected

@@ -0,0 +1,4 @@
+| tst.js:8:3:8:54 | fs.writ ... o600 }) | The file may have changed since it $@. | tst.js:7:6:7:28 | fs.exis ... lePath) | was checked |
+| tst.js:14:3:14:40 | fs.writ ... ntent") | The file may have changed since it $@. | tst.js:12:15:12:36 | fs.stat ... ePath2) | was checked |
+| tst.js:18:3:18:40 | fs.writ ... ntent") | The file may have changed since it $@. | tst.js:17:1:19:2 | fs.acce ... T OK\\n}) | was checked |
+| tst.js:33:3:37:4 | fs.open ... ..\\n  }) | The file may have changed since it $@. | tst.js:27:1:38:2 | fs.acce ...  });\\n}) | was checked |

javascript/ql/test/query-tests/Security/CWE-367/FileSystemRace.qlref

@@ -0,0 +1 @@
+Security/CWE-367/FileSystemRace.ql

javascript/ql/test/query-tests/Security/CWE-367/tst.js

@@ -0,0 +1,38 @@
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+
+const filePath = path.join(os.tmpdir(), "my-temp-file.txt");
+
+if (!fs.existsSync(filePath)) {
+  fs.writeFileSync(filePath, "Hello", { mode: 0o600 }); // NOT OK
+}
+
+const filePath2 = createFile();
+const stats = fs.statSync(filePath2);
+if (doSomethingWith(stats)) {
+  fs.writeFileSync(filePath2, "content"); // NOT OK
+}
+
+fs.access(filePath2, fs.constants.F_OK, (err) => {
+  fs.writeFileSync(filePath2, "content"); // NOT OK
+});
+
+fs.open("myFile", "rw", (err, fd) => {
+  fs.writeFileSync(fd, "content"); // OK
+});
+
+import { open, close } from "fs";
+
+fs.access("myfile", (err) => {
+  if (!err) {
+    console.error("myfile already exists");
+    return;
+  }
+
+  fs.open("myfile", "wx", (err, fd) => { // NOT OK
+    if (err) throw err;
+
+    // ....
+  });
+});